Rowland Penny
2019-Apr-19 08:26 UTC
[Samba] winbind offline login - NT_STATUS_NO_SUCH_USER (0xc0000064)
On Fri, 19 Apr 2019 07:50:28 +0200 Martin Krämer via samba <samba at lists.samba.org> wrote:

> Hi All,
>
> I tried multiple topics and did some further analyzing regarding this.
> I found that described error below only appears if I restart the
> device when connecting from "online" to "offline".
> If I keep my device running winbind caches the users correctly.
>
> Based this I found the following bug report:
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1165461
> There the error was tracked down to /var/run/samba/gencache.tdb being
> stored on a temporary file system and due to this being deleted with
> every restart.
> I was able to find that "gencache.tdb" on my Debian 9 systems is
> stored at /run/samba/gencache.tdb being "run" a tempfs, too.
> In the bug report it is described that after changing/adding a new
> setting "lock directory = /var/cache/samba/" in smb.conf everything
> worked again as expected.
> So I did the same and voila ...caching is working even after restarts.

I haven't upgraded to 4.10 yet, but on 4.9.6 (Louis's packages) gencache.tdb is in /var/cache/samba, has something changed?

I personally would have used 'cache directory =', see 'man smb.conf' for the difference.

Rowland
Martin Krämer
2019-Apr-19 09:58 UTC
[Samba] winbind offline login - NT_STATUS_NO_SUCH_USER (0xc0000064)
Hi Rowland,

thanks for your reply.

> I personally would have used 'cache directory =' , see 'man smb.conf'
> for the difference.

From description based on man smb.conf I would absolutely agree.
I have tried and set the "cache directory" option but still gencache.tdb (and all other files that were moved) left within the /run/samba (lock directory).
Nevertheless I tried logging on "offline" after restart but then I get same error again.

As visible within my "testparm --verbose" output below interestingly the default value in 4.10 for 'cache directory' is already equal to 4.9 set to /var/cache/samba.
So from my point of view it seems that 'gencache.tdb' (and maybe some other files) are wrongly defined as 'not required across service restarts and can be safely placed on volatile storage' within 4.10.

> I haven't upgraded to 4.10 yet, but on 4.9.6 (Louis's packages)
> gencache.tdb is in /var/cache/samba, has something changed ?

Yep - I can confirm this behavior.
I have done a setup (using my same Fully Automatic Installation config) and only changed the repository to use from 'stretch-samba410' to 'stretch-samba49'.
On 4.9 gencache.tdb is correctly stored within /var/cache/samba while no smb.conf settings related to this have changed from my point of view.
Below is an output of the smb.conf values of my two comparing setups (don't be confused that 4.10 is reporting 'Ubuntu' this is a small error I already reported and only 'design').

For me a short term fix is to use 4.9 for now since my setups seem to work without any special adjustments there, too.

Nevertheless I am of course interested in getting this fixed on long term :)
So how should I proceed?
Create a bug fix (since as proven this does not seem to be a configuration error by me)?
If yes where should I create it and against which package?
Thanks again for your help and below my test output :)

Kind Regards
Martin

------------------
SAMBA 4.9.6
------------------

root@cd2bd668e00c7:~# cat /etc/samba/smb.conf
[global]
    realm = EXAMPLE.CORP
    workgroup = EXAMPLE
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    log level = 0
    winbind use default domain = yes
    winbind refresh tickets = yes
    winbind offline logon = yes
    winbind enum users = no
    winbind enum groups = no
    winbind expand groups = 4
    template shell = /bin/bash
    local master = no
    preferred master = no
    domain master = no
    security = ADS
    idmap config * : backend = tdb
    idmap config * : range = 3000-7000
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999
    username map = /etc/samba/samba_usermapping
    usershare path =
    store dos attributes = yes
    map acl inherit = yes
    vfs objects = acl_xattr
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
root@cd2bd668e00c7:~# samba -V
Version 4.9.6-Debian
root@cd2bd668e00c7:~# testparm --verbose
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
root@cd2bd668e00c7:~# find / -iname "gencache.tdb"
/var/cache/samba/gencache.tdb
find: ‘/run/user/112/gvfs’: Permission denied
root@cd2bd668e00c7:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.8 (stretch)
Release: 9.8
Codename: stretch
root@cd2bd668e00c7:~#

------------------
SAMBA 4.10.2
------------------

root@c6c6bfdf18f87:~# cat /etc/samba/smb.conf
[global]
    realm = EXAMPLE.CORP
    workgroup = EXAMPLE
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    log level = 0
    winbind use default domain = yes
    winbind refresh tickets = yes
    winbind offline logon = yes
    winbind enum users = no
    winbind enum groups = no
    winbind expand groups = 4
    template shell = /bin/bash
    local master = no
    preferred master = no
    domain master = no
    security = ADS
    idmap config * : backend = tdb
    idmap config * : range = 3000-7000
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999
    username map = /etc/samba/samba_usermapping
    usershare path =
    store dos attributes = yes
    map acl inherit = yes
    vfs objects = acl_xattr
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
root@c6c6bfdf18f87:~# samba -V
Version 4.10.2-Ubuntu
root@c6c6bfdf18f87:~# testparm --verbose
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
root@c6c6bfdf18f87:~# find / -iname "gencache.tdb"
find: ‘/run/user/112/gvfs’: Permission denied
/run/samba/gencache.tdb
root@c6c6bfdf18f87:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.8 (stretch)
Release: 9.8
Codename: stretch
root@c6c6bfdf18f87:~#
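Added example, not part of the original thread and not Samba tooling: a shell check for the condition diagnosed in the message above, deciding from a /proc/mounts-format table whether the directory that holds gencache.tdb sits on volatile storage. The function names and the sample mount table are constructed for illustration; `check_live` assumes `testparm` and `readlink -f` are available on the host.

```shell
#!/bin/sh
# Does the directory that holds gencache.tdb survive a reboot?
# winbind offline logon needs the file to persist across restarts.

# Constructed sample in /proc/mounts format (not copied from the thread's hosts).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,mode=755 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
tmpfs /run/user/112 tmpfs rw,nosuid,nodev,relatime,mode=700 0 0
EOF
}

# fstype_for_path PATH MOUNTS_FILE
# Print the filesystem type of the mount that contains PATH, chosen by
# longest mount-point prefix on whole path components (so /runner never
# matches /run). PATH must be absolute and already symlink-resolved.
# Mount points containing spaces (escaped as \040) are not handled.
fstype_for_path() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount on the same point shadow an earlier one.
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs == "") exit 1; print fs }
    ' "$2"
}

# gencache_verdict DIR MOUNTS_FILE
# Print "volatile <fstype>", "persistent <fstype>" or "unknown" for
# DIR/gencache.tdb.
gencache_verdict() {
    gv_fs=$(fstype_for_path "${1%/}/gencache.tdb" "$2") || { echo unknown; return 0; }
    case "$gv_fs" in
        tmpfs|ramfs|devtmpfs) echo "volatile $gv_fs" ;;
        *) echo "persistent $gv_fs" ;;
    esac
}

# check_live: run the same test on a real domain member. Both directories
# are checked because the thread shows the file under 'cache directory' on
# 4.9 and under 'lock directory' on 4.10. readlink -f resolves symlinks
# such as /var/run -> /run before the mount lookup.
check_live() {
    for gc_param in "cache directory" "lock directory"; do
        gc_dir=$(testparm -s --parameter-name="$gc_param" 2>/dev/null) || continue
        gc_dir=$(readlink -f -- "$gc_dir") || continue
        [ -e "$gc_dir/gencache.tdb" ] || continue
        printf '%s (%s): %s\n' "$gc_dir/gencache.tdb" "$gc_param" \
            "$(gencache_verdict "$gc_dir" /proc/mounts)"
    done
}
```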
Rowland Penny
2019-Apr-19 11:28 UTC
[Samba] winbind offline login - NT_STATUS_NO_SUCH_USER (0xc0000064)
On Fri, 19 Apr 2019 11:58:23 +0200 Martin Krämer <mk.maddin at gmail.com> wrote:

> Hi Rowland,
>
> thanks for your reply.
>
> > I personally would have used 'cache directory =' , see 'man
> > smb.conf' for the difference.
> From description based on man smb.conf I would absolutely agree.
> I have tried and set the "cache directory" option but still
> gencache.tdb (and all other files that were moved) left within
> the /run/samba (lock directory).
> Nevertheless I tried logging on "offline" after restart but then I
> get same error again.

Without 'gencache.tdb' offline logon will not work, well that's me stuck on 4.9.x on this computer ;-)

>
> As visible within my "testparm --verbose" output below interestingly
> the default value in 4.10 for 'cache directory' is already equal to
> 4.9 set to /var/cache/samba.
> So from my point of view it seems that 'gencache.tdb' (and maybe some
> other files) are wrongly defined as 'not required across service
> restarts and can be safely placed on volatile storage' within 4.10.

Don't think this is a Samba problem, after a quick check, I take that back ;-)

If you check the source for gencache.c you will find this:

- cache_fname = cache_path(talloc_tos(), "gencache.tdb");
+ cache_fname = lock_path(talloc_tos(), "gencache.tdb");

> Nevertheless I am of course interested into getting this fixed on
> long term :)
> So how should I proceed?
> Create a bug fix (since as proven this does not seem to be a
> configuration error by me)?
> If yes where should I create it and against which package?

From my understanding (limited as it is when it comes to the 'C' code), only things in the 'cache' directory are supposed to survive a reboot, so the thing you need for offline logon, looks like it has been moved to a directory where it won't.

Rowland
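Review bot: the switch from cache_path() to lock_path() for "gencache.tdb" moves the file into the lock directory, which on the Debian 9 system in this thread is /run/samba on tmpfs, so the file is discarded at every reboot while winbind offline logon is reported here to depend on it. Consider keeping the file under cache_path(), or separating the entries that must survive a restart into a TDB that stays in the cache directory, and state in the change which gencache data is allowed to be volatile.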
Rowland Penny
2019-Apr-19 12:36 UTC
[Samba] winbind offline login - NT_STATUS_NO_SUCH_USER (0xc0000064)
On Fri, 19 Apr 2019 14:17:16 +0200 Martin Krämer <mk.maddin at gmail.com> wrote:

> Hi Rowland,
>
> > From my understanding (limited as it is when it comes to the 'C'
> > code), only things in the 'cache' directory are supposed to survive
> > a reboot, so the thing you need for offline logon, looks like it
> > has been moved to a directory where it won't.
> Yes I agree.
>
> I checked the commit where this was changed and found the following:
> https://gitlab.com/samba-team/samba/commit/1386200be5c583c680c3894a11688a0e0a3d2285
>
> But now - what to do with this?
> It seems that there was a legit reason for gencache.tdb to be moved
> and I am not enough expert on C or samba to fully understand why and
> if that change was correct.
> (Not needed to say that I see no benefit in "blaming" someone for 'you
> broke it' - I think everybody does his best here to get samba even
> better than it already is :) )
> Nevertheless it breaks the offline login - so do you think it is
> worth creating a new bug report?

Yes, you do at least know what the problem is and when it was changed.

>
> I searched some more and found a bug report (
> https://bugzilla.samba.org/show_bug.cgi?id=10455)
> that from my point of view seems to be related to one of the first
> lists.samba.org links I referenced to
> https://lists.samba.org/archive/samba/2019-February/221157.html
> What I have read there in it still could be possible that the root
> cause is the same - even when I am personally missing some more
> details on which versions were checked on the last state update etc.
> But I am absolutely not sure if it is preferred by samba devs to
> "extend" an existing bug or just create a new one and reference...

I don't think they have anything to do with this current problem, as I said, I am using 4.8.9 and offline logon works for me.

>
> PS: You replied off list - was this a mistake or did you just not
> want all your comments available to the "world"? As someone facing
> issues I am always happy to find "old" entries in lists that provide
> any usable information :)

No, I didn't, I replied to the list (I have checked)

Rowland
Martin Krämer
2019-Apr-20 10:19 UTC
[Samba] winbind offline login - NT_STATUS_NO_SUCH_USER (0xc0000064)
Hi All,

I created bug report below:
https://bugzilla.samba.org/show_bug.cgi?id=13908

Thanks again to Rowland for your input

On Fri, 19 Apr 2019 at 14:37, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Fri, 19 Apr 2019 14:17:16 +0200
> Martin Krämer <mk.maddin at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > > From my understanding (limited as it is when it comes to the 'C'
> > > code), only things in the 'cache' directory are supposed to survive
> > > a reboot, so the thing you need for offline logon, looks like it
> > > has been moved to a directory where it won't.
> > Yes I agree.
> >
> > I checked the commit where this was changed and found the following:
> >
> https://gitlab.com/samba-team/samba/commit/1386200be5c583c680c3894a11688a0e0a3d2285
> >
> > But now - what to do with this?
> > It seems that there was a legit reason for gencache.tdb to be moved
> > and I am not enough expert on C or samba to fully understand why and
> > if that change was correct.
> > (Not needed to say that I see no benefit in "blaming" someone for 'you
> > broke it' - I think everybody does his best here to get samba even
> > better than it already is :) )
> > Nevertheless it breaks the offline login - so do you think it is
> > worth creating a new bug report?
>
> Yes, you do at least know what the problem is and when it was changed.
>
> >
> > I searched some more and found a bug report (
> > https://bugzilla.samba.org/show_bug.cgi?id=10455)
> > that from my point of view seems to be related to one of the first
> > lists.samba.org links I referenced to
> > https://lists.samba.org/archive/samba/2019-February/221157.html
> > What I have read there in it still could be possible that the root
> > cause is the same - even when I am personally missing some more
> > details on which versions were checked on the last state update etc.
> > But I am absolutely not sure if it is preferred by samba devs to
> > "extend" an existing bug or just create a new one and reference...
>
> I don't think they have anything to do with this current problem, as I
> said, I am using 4.8.9 and offline logon works for me.
>
> >
> > PS: You replied off list - was this a mistake or did you just not
> > want all your comments available to the "world"? As someone facing
> > issues I am always happy to find "old" entries in lists that provide
> > any usable information :)
>
> No, I didn't, I replied to the list (I have checked)
>
> >
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
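The diagnosis reached in this thread is that gencache.tdb sits under /run/samba (tmpfs) on 4.10 instead of /var/cache/samba as on 4.9. The script below is an added example, not part of the original posts or of Samba: it resolves which mount holds a given file and reports whether that filesystem is lost at reboot. The function names are hypothetical and the mount table is constructed sample data.

```shell
#!/bin/sh
# Added example: does a Samba TDB file live on storage that is wiped at reboot?
# Function names are hypothetical; the mount table is constructed sample data.

# fstype_for MOUNTS_FILE PATH
# Print the filesystem type of the mount that holds PATH: the longest mount
# point that is a directory prefix of PATH (later entries win on ties, which
# matches how over-mounts shadow earlier mounts).
fstype_for() {
    awk -v p="$2" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }
    ' "$1"
}

# check_tdb MOUNTS_FILE PATH
# Print "volatile" for RAM-backed filesystems, "persistent" otherwise.
check_tdb() {
    case "$(fstype_for "$1" "$2")" in
        tmpfs|ramfs) echo "volatile" ;;
        *)           echo "persistent" ;;
    esac
}

# Constructed mount table in /proc/mounts format.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec 0 0
EOF

# The two gencache.tdb locations reported in the thread.
for f in /run/samba/gencache.tdb /var/cache/samba/gencache.tdb; do
    echo "$f: $(check_tdb "$SAMPLE_MOUNTS" "$f")"
done
```

On a live host, pass /proc/mounts as the first argument instead of the sample file.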